CVE-2016-2178 - log back

CVE-2016-2178 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Private key recovery
Description
+ Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
References
+ http://eprint.iacr.org/2016/594
+ https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
+ https://www.openssl.org/news/secadv/20160922.txt
Notes